A Holistic Approach to Cybersecurity Risk Management

No country, company, or private individual can fully utilize the benefits of information technology while protecting all of their own data, communications, or computer networks from every potential cyber threat, regardless of how much time and money they invest in protective systems. Each entity must set priorities, balance tradeoffs, and make choices about cyber protection, knowing that their choices will affect others and that others’ choices will affect them, too. Minimizing the most serious forms of cyber attack, espionage, and crime without hindering beneficial uses of information technology requires skillful multi-stakeholder governance. This project includes a set of research, education, and outreach activities to facilitate that process.

Featured

Faced with a rapidly growing volume and range of cyber attacks, policymakers and organizational leaders have had difficulty setting priorities, allocating resources, and responding effectively without a standard way to categorize cyber events and estimate their consequences. Presidential Policy Directive 41 laid out the Obama administration’s principles for executive branch responses to significant cyber incidents in the public or private sector. But it neither drew important distinctions between different types of cyber incidents, nor gave a standard way to determine...

CISSM Director Nancy Gallagher and Research Scholar Charles Harry were awarded a UMD "Invention of the Year" award at "Innovate Maryland," a UMD celebration of innovation and partnerships held on April 12, 2017.

The University of Maryland's Office of the Provost has awarded CISSM a 3-year $300,000 matching grant to further develop its cyber risk assessment model and to apply the model to existing information technology systems.

The Center for International and Security Studies at Maryland (CISSM), together with the Maryland Global Initiative on Cybersecurity (MaGIC) and the Center for Public Policy and Private Enterprise (CPPPE), visited Tokyo in November 2016 and February 2017 to help senior...

Faced with rapidly growing cyber threats, organizational leaders, and government officials cannot reliably secure all data and digital devices for which they are responsible. The best they can do is conduct strategic risk management. That requires a systematic way to...

Emerging technologies, such as quantum computing, raise the stakes for onilne data exchanges and further obfuscate the risks to users. As it is, few people who exchange their data online understand modern encryption and how to ensure that a provider...

As Americans increasingly buy and install smart devices in their homes, all those cheap interconnected devices create new security problems for individuals and society as a whole. The problem is compounded by businesses radically expanding the number of sensors and...